SSL Certificate Analysis for console.jumpcloud.com - Security Grade & TLS Configuration

Open Cached · just now

86/100 SECURITY SCORE

Certificate Information

Subject

CN=console.jumpcloud.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

November 23, 2025

Valid Until

February 22, 2026 32 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

68:C1:ED:CD:03:A0:3D:0E:D0:29:B3:48:A3:20:00:E2:55:42:4F:37:C1:90:67:F6:2B:70:8C:98:F0:3D:31:4E

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; includeSubdomains;

Content-Security-Policy

Basic

worker-src; child-src; connect-src; +9 more

worker-src blob: 'self'; child-src https://fast.wistia.net https://intercom-sheets.com https://jumpcloud-1.wistia.com https://www.google.com https://www.intercom-reporting.com https://youtube.com; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.intercom.io https://706-rst-100.mktoresp.com https://api.segment.io https://api.split.io https://app.launchdarkly.com https://assets.jumpcloud.com https://auth.split.io https://browser-intake-datadoghq.com https://cdn.awsstg.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://clientstream.launchdarkly.com https://console.jumpcloud.com https://device-cert.jumpcloud.com https://edge.fullstory.com https://events.launchdarkly.com https://events.split.io https://ipv4.icanhazip.com http://localhost:1028 https://logs.browser-intake-datadoghq.com https://oauth.awsstg.jumpcloud.com https://oauth.jumpcloud.com https://oauth.jumpcloud.com https://raw.githubusercontent.com/TheJumpCloud/ https://rs.fullstory.com https://rum.browser-intake-datadoghq.com https://s3.us-east-1.amazonaws.com/jumpcloud-prd-devices-object-storage-uploads/ https://s3.us-east-2.amazonaws.com/jumpcloud-stg01-devices-object-storage-uploads/ https://s3.us-east-1.amazonaws.com/jumpcloud-prd-assets-imports/ https://s3.us-east-1.amazonaws.com/jumpcloud-prd-assets-asset-files/ https://sdk.split.io https://segment.jumpcloud.com https://segmentcdn.jumpcloud.com https://solupay.transactiongateway.com https://status.jumpcloud.com https://streaming.split.io https://uploads.au.intercomcdn.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://www.google-analytics.com https://analytics.google.com https://www.google.com https://*.navattic.com https://thirdparty.jumpcloud.com https://jumpcloud-sourcemaps-prd.s3.amazonaws.com wss://*.kinesisvideo.ap-northeast-1.amazonaws.com wss://*.kinesisvideo.eu-central-1.amazonaws.com wss://*.kinesisvideo.eu-west-2.amazonaws.com wss://*.kinesisvideo.us-east-1.amazonaws.com wss://*.kinesisvideo.us-west-2.amazonaws.com wss://nexus-australia-websocket.intercom.io wss://nexus-europe-websocket.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; default-src 'self' https://assets.jumpcloud.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com; font-src 'self' data: https://assets.jumpcloud.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://fonts.intercomcdn.com https://js.intercomcdn.com; frame-ancestors 'self' https://login.jumpcloud.com https://fast.wistia.net https://jumpcloud-1.wistia.com https://www.google.com https://youtube.com; frame-src 'self' https://login.jumpcloud.com https://*.doubleclick.net https://*.duosecurity.com https://11226752.fls.doubleclick.net https://cloud.jumpcloud.com https://enterprise.google.com https://fast.wistia.net https://hello.jumpcloud.com https://intercom-sheets.com https://js.driftt.com https://js.intercomcdn.com https://js.stripe.com https://jumpcloud.chilipiper.com https://jumpcloud-1.wistia.com https://play.google.com https://solupay.transactiongateway.com https://www.google.com https://www.youtube.com https://xd.adobe.com https://*.navattic.com https://youtube.com; img-src 'self' data: https://jumpcloud.com https://cdn.cookielaw.org https://*.au.intercom-attachments.com https://*.google.com https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercom-attachments.eu https://*.mzstatic.com https://11226752.fls.doubleclick.net https://ad.doubleclick.net https://alb.reddit.com https://assets.jumpcloud.com https://august.takingbackjuly.com https://bat.bing.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://chart.googleapis.com https://downloads.au.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://facebook.com https://gifs.intercomcdn.com https://googleads.g.doubleclick.net https://insight.adsrvr.org https://js.intercomcdn.com https://june.takingbackjuly.com https://lh3.googleusercontent.com https://lh6.ggpht.com https://match.adsrvr.org https://messenger-apps.au.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.intercom.io https://p.typekit.net https://ping.typekit.net https://px.ads.linkedin.com https://q.stripe.com https://rs.fullstory.com https://s3.amazonaws.com/static.jumpcloud.com/ https://static.intercomassets.com https://stats.g.doubleclick.net https://storage.googleapis.com https://video-messages.intercomcdn.com https://www.facebook.com https://www.google-analytics.com https://www.redditstatic.com; media-src https://assets.jumpcloud.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://fast.wistia.net https://js.driftt.com https://js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdn.cookielaw.org https://api.duosecurity.com https://api.stripe.com https://apis.google.com https://app.intercom.io https://assets.jumpcloud.com https://august.takingbackjuly.com https://bat.bing.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://connect.facebook.com https://connect.facebook.net https://ct.capterra.com https://edge.fullstory.com https://fast.wistia.net https://googleads.g.doubleclick.net https://js.driftt.com https://js.intercomcdn.com https://js.stripe.com https://june.takingbackjuly.com https://munchkin.marketo.net https://pi.pardot.com https://px.ads.linkedin.com https://q.stripe.com https://rs.fullstory.com https://segmentcdn.jumpcloud.com https://sjs.bizographics.com https://snap.licdn.com https://solupay.transactiongateway.com https://stats.g.doubleclick.net https://storage.googleapis.com https://tagmanager.google.com/ https://takingbackjuly.com https://thirdparty.jumpcloud.com https://jumpcloud-sourcemaps-prd.s3.amazonaws.com https://use.typekit.net https://widget.intercom.io https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://analytics.google.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com/ https://www.gstatic.com https://*.navattic.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://assets.jumpcloud.com https://cdn.awsstg.jumpcloud.com https://cdn.jumpcloud.com https://cdn.stg01.jumpcloud.com https://cdn03.jumpcloud.com https://fonts.googleapis.com/ https://solupay.transactiongateway.com https://tagmanager.google.com/ https://use.typekit.net

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

console.jumpcloud.com *.console.jumpcloud.com